This plugin is a proof of concept for a Maven plugin that can be used to validate
the integrity of a Maven repository. It does this by generating a lock file that contains
the checksums of all the artifacts in the repository. The lock file can then be used to
validate the integrity of the repository. This guards the supply chain against malicious
actors that might tamper with the artifacts in the repository.
License | MIT |
---|---|
Categories | Maven Plugins |
Tags | plugin, github, build, build-system, maven |
HomePage | https://github.com/chains-project/maven-lockfile |
Date | Mar 25, 2023 |
Files | pom (9 KB), maven-plugin (35 KB) |
Repositories | Central |
Ranking | #729389 in MvnRepository, #5730 in Maven Plugins |
Vulnerabilities | Vulnerabilities from dependencies: CVE-2023-2976, CVE-2020-8908 |
Compile Dependencies (8)
Category/License | Group / Artifact | Version | Updates | |
---|---|---|---|---|
JSON Lib Apache 2.0 | com.google.code.gson » gson | 2.10.1 | 2.11.0 | |
Core Utils Apache 2.0 | com.google.guava » guava (2 vulnerabilities) | 31.1-jre | 33.4.0-jre | |
Logging Apache 2.0 | org.apache.logging.log4j » log4j-core | 2.20.0 | 2.24.3 | |
Build Model Apache 2.0 | org.apache.maven » maven-plugin-api | 3.9.0 | 3.9.9 | |
Build Tool Apache 2.0 | org.apache.maven » maven-core | 3.9.0 | 3.9.9 | |
Annotation Lib Apache 2.0 | org.apache.maven.plugin-tools » maven-plugin-annotations | 3.8.1 | 3.15.1 | |
Maven Repo API Apache 2.0 | org.apache.maven.resolver » maven-resolver-api | 1.9.7 | 2.0.5 | |
Logging Bridge Apache 2.0 | org.slf4j » log4j-over-slf4j | 2.0.7 | 2.0.16 |
Test Dependencies (7)
Category/License | Group / Artifact | Version | Updates | |
---|---|---|---|---|
Apache 2.0 | com.soebes.itf.jupiter.extension » itf-jupiter-extension | 0.12.0 | 0.13.1 | |
Apache 2.0 | com.soebes.itf.jupiter.extension » itf-assertj | 0.12.0 | 0.13.1 | |
Apache 2.0 | org.apache.maven » maven-compat | 3.9.1 | 3.9.9 | |
Apache 2.0 | org.apache.maven.plugin-testing » maven-plugin-testing-harness | 3.3.0 | ✔ | |
Apache 2.0 | org.instancio » instancio | 1.0.4 | ✔ | |
Testing EPL 2.0 | org.junit.jupiter » junit-jupiter-api | 5.9.2 | 5.11.4 | |
Testing EPL 2.0 | org.junit.jupiter » junit-jupiter-engine | 5.9.2 | 5.11.4 |
Licenses
License | URL |
---|---|
MIT | https://opensource.org/licenses/MIT |
Developers
Name | Dev Id | Roles | Organization | |
---|---|---|---|---|
Martin Wittlinger | MartinWitt |